Technical Information
- %TEMP%\eiyvzobr.js
- 'ko###rkum.org':80
- 'al####akhinin.ru':80
- 'qu#####anieriviste.com':80
- 'pu####afacile.it':80
- 'pg####unitycab.com':80
- 'li##roup.ru':80
- 'mo##.org.mk':80
- 'pv###jekt.pl':80
- 'po###loki.ru':80
- http://ko###rkum.org/Lntxhy
- http://al####akhinin.ru/hPBy2R
- http://qu#####anieriviste.com/WIKuLk
- http://pu####afacile.it/JvZ9cX
- http://li##roup.ru/vV9c7l
- http://mo##.org.mk/oiNWQ0
- http://pv###jekt.pl/oLlqvX
- http://po###loki.ru/nbTURt
- http://po###loki.ru/404
- DNS ASK mc####eyhigh.org
- DNS ASK ko###rkum.org
- DNS ASK la###umano.cl
- DNS ASK al####akhinin.ru
- DNS ASK as####station.com
- DNS ASK qu#####anieriviste.com
- DNS ASK pu####afacile.it
- DNS ASK ar####qayler.com
- DNS ASK ma####nkostyle.net
- DNS ASK pg####unitycab.com
- DNS ASK ca##le78.it
- DNS ASK li##roup.ru
- DNS ASK pa###.heutagon.com
- DNS ASK mo##.org.mk
- DNS ASK pv###jekt.pl
- DNS ASK po###loki.ru
- '<SYSTEM32>\wscript.exe' %TEMP%\EiYVZOBR.js